When the DTLS handshake is finished, the app data is sent ciphered and with the DTLS header. There is an option to send the app data without ciphering, but with this option the data is sent without the DTLS header.
Is it possible to send the app data ciphered and without the DTLS header?

I’ve noticed there is no Support Access Ticket linked to your user account on the EldoS site. Technical Support is provided to customers with a linked Support Access Ticket. You will find your Support Access Ticket, together with all the details about how to use it, in the registration e-mail that we sent to you upon purchase.

If you are evaluating the product and don't have a license yet, please let us know and then you can have support according to the Basic support level. The Basic support level includes answering basic technical questions that appear during the product evaluation period. We also offer Premium support for purchase from https://www.eldos.com/support/calc.php. You can use Premium Support to get a higher level of assistance during your evaluation of our products.

Could you please provide some details about what you mean by 'sending data without the DTLS header'? The presence of the header itself is fairly important, as it contains certain fields needed to establish the order and encryption parameters of the record.

Right, so all your former questions concern DTLS-SRTP then. That makes things clearer.

As SecureBlackbox does not support the use_srtp extension out of the box, you need to implement its format yourself as described here. What you need to be able to do is serialize the content of the extension (p. 4.1.1) to an array of bytes and decode it back to a form that can be processed by your SRTP engine.

To attach the encoded extension to the DTLS component (either client or server), use its Extensions property. On the client the extension should be added before calling the Open() method; the best place to do that on the server is inside the OnExtensionsReceived event handler.

To read the contents of the use_srtp extension received from the remote party, use the dtls.PeerExtensions extensions object. The received extension will be populated in the dtls.PeerExtensions.get_OtherExtensions() list for you; you can find it by looking for an extension object with an ExtensionType of 14.
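The serialize/decode step described in the reply above, as an added example that is not part of the original thread and is not SecureBlackbox code. It assumes the UseSRTPData layout from RFC 5764 section 4.1.1 (a 16-bit length-prefixed list of 2-byte protection profiles followed by an 8-bit length-prefixed srtp_mki); the class and method names are hypothetical, and attaching the resulting bytes to the component's Extensions property is left out because the page does not show that API.

```csharp
using System;
using System.Collections.Generic;

// Added example: encoder/decoder for the use_srtp extension body (UseSRTPData).
public static class UseSrtpCodec
{
    public const int ExtensionType = 14; // use_srtp, the type the reply says to look for

    // Body layout: uint16 list_len | profiles (2 bytes each) | uint8 mki_len | mki
    public static byte[] Encode(IList<ushort> profiles, byte[] mki)
    {
        mki = mki ?? new byte[0];
        if (profiles.Count < 1 || profiles.Count > 0x7FFF)
            throw new ArgumentException("profile list must hold 1..32767 entries");
        if (mki.Length > 255)
            throw new ArgumentException("srtp_mki is limited to 255 bytes");

        int listLen = profiles.Count * 2;
        var buf = new byte[2 + listLen + 1 + mki.Length];
        buf[0] = (byte)(listLen >> 8);
        buf[1] = (byte)listLen;
        for (int i = 0; i < profiles.Count; i++)
        {
            buf[2 + 2 * i] = (byte)(profiles[i] >> 8);
            buf[3 + 2 * i] = (byte)profiles[i];
        }
        buf[2 + listLen] = (byte)mki.Length;
        Array.Copy(mki, 0, buf, 3 + listLen, mki.Length);
        return buf;
    }

    // Strict decode of peer-supplied bytes: every length is checked, trailing data is rejected.
    public static void Decode(byte[] body, out List<ushort> profiles, out byte[] mki)
    {
        if (body == null || body.Length < 5)
            throw new FormatException("use_srtp body too short");
        int listLen = (body[0] << 8) | body[1];
        if (listLen < 2 || (listLen & 1) != 0 || 2 + listLen + 1 > body.Length)
            throw new FormatException("bad profile list length");
        profiles = new List<ushort>(listLen / 2);
        for (int i = 0; i < listLen; i += 2)
            profiles.Add((ushort)((body[2 + i] << 8) | body[3 + i]));
        int mkiLen = body[2 + listLen];
        if (3 + listLen + mkiLen != body.Length)
            throw new FormatException("srtp_mki length does not match body");
        mki = new byte[mkiLen];
        Array.Copy(body, 3 + listLen, mki, 0, mkiLen);
    }
}
```

Encoding the single profile 0x0001 (SRTP_AES128_CM_HMAC_SHA1_80) with an empty MKI yields the five bytes 00 02 00 01 00. Because the decoder runs on bytes supplied by the remote party, it fails closed on any length mismatch instead of reading past the declared fields.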

Great, we are glad that you've managed to make things work for you.

As per this document, you need to generate encryption keys yourself based on the DTLS master secret value.

While the master secret is not publicly available in the SecureBlackbox implementation of DTLS, the value is declared in the 'protected' section of the TElDTLSClient component interface, and as such you can access it by creating your own descendant of TElDTLSClient and switching from TElDTLSClient to that descendant. In that case you could create a new property, say MasterSecret, and return the value of the FTLS1MasterSecret field from the getter of that property:

Code

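// Declared inside your own descendant of TElDTLSClient;
// public so that code outside the class can read it.
public byte[] MasterSecret
{
    get { return this.FTLS1MasterSecret; }
}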

The master secret value will be available upon successful setup of DTLS session.
